Finjan Blog

Software Development Life Cycle or SDLC – the Process of Planning, Developing and Maintaining Secure Software

With digital technology so much a part of our daily lives, it’s easy to take software for granted. If an application on our desktop, laptop, or mobile system works, that’s all we’re concerned about. We may not even think of it as software, at all.

But if a system or app malfunctions, or if there’s an unwanted intrusion from viruses or other forms of malware, matters take a different course. This is typically followed by the irate phone call or email to IT, Technical Support, or the software vendor.

In an ideal world, this shouldn’t be the case – and in fact there’s an underlying foundation to every piece of software that we use, which is intended to ensure that our apps and computer systems function correctly, and have a high level of resistance to attacks and malicious software: The Software Development Life Cycle (SDLC).

Defining the Software Development Life Cycle

The Software Development Life Cycle or SDLC consists of a series of stages or phases which provide a systematic model for the creation and management of a software application.

There are several variations of the SDLC model, and different methodologies are used at each phase within the process, depending on the organization or industry involved. There are also industry standards in place, such as ISO/IEC 12207, which in some cases define the processes to establish the life cycle of a piece of software, the way it should be deployed, or how the systems it runs on should be configured.

The various types of SDLC model (which we’ll consider shortly) are sometimes referred to as Software Development Process Models – and each follows a particular life cycle in order to ensure a successful process of software development and delivery.

Purpose of the Software Development Life Cycle

Beyond the purpose suggested in our title – planning, developing, testing, deploying, and maintaining secure software – a Software Development Life Cycle is also a business process whose aim is to lower the cost and time taken for software development, while improving the quality and robustness of the product itself.

The SDLC achieves these sometimes conflicting aims by strictly following the path set out by its different phases – each of which leads on to the next. Though Software Development Life Cycles vary, there are certain core stages which are common to all of them, as we’ll now go on to describe.

Planning

Sometimes known as the Analysis and Definition or the Requirements Analysis phase, the SDLC kicks off with a needs gathering and planning stage, during which key questions about the software are posed, and a list of requirements is drawn up to define what it needs to be able to do.

Input at this stage is drawn in from all stakeholders: the software’s anticipated user base, the developers, and the organizations or systems backing its production.

Typical questions to be asked here would include “Who’s going to use this application?”, “How will data be input to/output from the system?”, and “What do/don’t we want to happen?”

Design

The specifications and considerations raised at the planning stage are then translated into a blueprint known as a Design Specification, which also involves specifying hardware and system requirements for the new application and defining its overall system architecture. To help perfect the design, feedback and suggestions are invited from the stakeholders.

Building

This is the phase where the actual programming code is written to construct an application based on the design distilled from the previous stages of the process. Though it’s typically the longest phase of the SDLC, it should also be one of the most straightforward – provided the planning and design have produced a clear blueprint for the developers to work with.

Testing

Perhaps the most critical phase of the Software Development Life Cycle, the testing stage consists of various levels, to ensure that the software produced actually meets the conditions it was designed for – and is able to meet conditions and circumstances that it may face in the field.

Tests may cover the spectrum from beta testing of pre-release versions of the software, through to functional procedures like unit testing, system testing, integration testing, usability testing, and acceptance testing. Because of the various tests involved, this section of the SDLC is often referred to as the Software Testing Life Cycle or STLC.

It’s during this phase that rigorous testing for security aspects is performed. This may take in tests for defects or deficiencies, security vulnerabilities, and penetration testing of the software to assess its resistance to attack conditions.

Deployment

Depending on the development model used, a phased deployment of the software may take place, with a prototype version released to a select group of users to gauge their responses and feedback, and subsequent versions released, as tweaks and amendments are made.

Maintenance

Once the software is out on general release, usability issues, glitches, and suggestions for improvement will inevitably come in from the user base. The maintenance phase of the SDLC is concerned with the updates, patches, and sometimes complete revamps made to the application, in response to changing conditions.

This is also the phase where an application which has become obsolete or unsalvageable will be retired, or withdrawn from circulation.

The Waterfall Model

Historically the oldest SDLC model, this follows a straight line path from one phase of the process to another, as each completed phase “waterfalls” into the next. As it’s necessary to finish one phase before another one can begin, delays at any stage can seriously hamper the entire process.

The V-Shaped Model

This is an extension of the waterfall model, featuring a testing round at each development stage. This introduces an additional overhead on the process, which, like the waterfall model, can also become subject to delays.

The Big Bang Model

Optimized for small development projects, this is a higher-risk SDLC which concentrates most of its resources on the construction or coding stage, and places less emphasis on design or a needs analysis.

The Spiral Model

This is the most flexible of the SDLC models, achieving software optimization through a repetitive process where planning, design, building and test phases are run over and over again, with small improvements at each repetition.

The Agile Model

Gaining in popularity due to its fast turnover rates, the Agile development model produces a succession of releases by separating a software product into cycles which allow a working version to be delivered very quickly. The testing of each release provides feedback for improving the next one.

The Iterative Model

As with the Spiral model, repetition is central to the Iterative SDLC. Typically, a developer will create a version of the software very quickly and at relatively low cost, which is tested and improved upon in subsequent versions.

The Software Development Life Cycle – A Few Final Thoughts

Whichever model is used, the Software Development Life Cycle – if followed through correctly – can keep all stakeholders in a software project on the same page, in terms of what’s required of the application, and how costs and resources are allocated. A well-documented and performed SDLC can also ensure high levels of product quality, application security, and management control.
